Can anyone take a look at my HijackThis log?

Amy -  
 Anonymous user -
Hello,

Please tell me what is wrong. A kind soul was already helping me, but we lost touch...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:35, on 17/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Nadra\Bureau\Nadra\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Nadra\Mes documents\Mes images\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingC3347] cmd /c del "C:\Program Files\WinAntiVirus Pro 2006\WAV6COM.dll_old"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Documents and Settings\Nadra\Bureau\Nadra\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - https://www.afternic.com/domains/errorsafe.com
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

82 replies

Anonymous user
 
Hello

The Java console is not up to date: security hole!!!
See here

Click here

Choose the first download line, then install Java.
At the end of the installation, go back to the page to verify your installation.
Once the installation has succeeded, open the Control Panel >
Add/Remove Programs and remove the old versions (of Java) in order to eliminate the security holes present in those old versions.
Do this for each of them, one by one, and restart your PC when you are asked to.
0
Anonymous user
 
Then post a new HijackThis log

IMPORTANT

On your PC, go to "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe" <--- right-click on it
and choose "Rename": type eden and confirm. DO THIS BEFORE LAUNCHING HIJACKTHIS AT ALL


0
Amy
 
Here is my new HijackThis log
Regarding removing Java: there were only 2, and I removed J2SE (I hope that was the one that had to go?)
And I don't have a "Trend Micro" in my Program Files.

Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:33, on 17/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Nadra\Bureau\Nadra\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\Documents and Settings\Nadra\Mes documents\Mes images\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Documents and Settings\Nadra\Bureau\Nadra\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - https://www.afternic.com/domains/errorsafe.com
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0
Anonymous user
 
I'll take a look and let you know

HijackThis is here:

C:\Documents and Settings\Nadra\Mes documents\Mes images\HiJackThis.exe
0

Amy
 
There, I've renamed it to eden. What is the point of renaming it?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:39, on 17/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Nadra\Bureau\Nadra\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\Documents and Settings\Nadra\Mes documents\Mes images\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Documents and Settings\Nadra\Bureau\Nadra\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - https://www.afternic.com/domains/errorsafe.com
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0
Anonymous user
 
There, I've renamed it to eden. What is the point of renaming it?

Some infections detect when it is launched and hide themselves, which is why it has to be renamed. I'm looking at your report.
0
Anonymous user
 
Please do this, as a check

Download ToolBar S&D (by Eric_71):
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

(Tutorial: https://sites.google.com/site/toolbarsd/aideenimages)

!! Disconnect and close all your running applications while you do this !!

* Double-click the .exe to start the installation and follow the prompts ...
* Once that is done, click the shortcut created on your desktop to launch the tool.
* Choose option 1 ("recherche", i.e. search) and press Enter.
* Once the scan has finished, a report will appear; copy and paste its entire
contents into your next reply ...
(the report is also saved here -> C:\TB.txt)
0
Amy
 
My ToolBar report

-----------\\ ToolBar S&D 1.1.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.00GHz )
BIOS : Default System BIOS
USER : Nadra ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080916-0] 4.8.1229 (Activated)

"C:\ToolBar SD" ( MAJ : 07-09-2008|12:20 )
Option : [1] ( 17/09/2008|12:36 )

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://runonce.msn.com/?v=msgrv75"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\DOCUME~1\Nadra\APPLIC~1\WinAntiVirus Pro 2006
C:\PROGRA~1\WinAntiVirus Pro 2006

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 07/09/2008|19:27 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 07/09/2008|19:54 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - 17/09/2008|12:39 - Option : [1]

-----------\\ Fin du rapport a 12:39:49,01
0
Anonymous user
 
OK, and 1 found

Download SmitfraudFix
Utility by S!Ri: Moe and balltrap34
http://siri.urz.free.fr/Fix/SmitfraudFix.php
and download SmitfraudFix.exe.

Look at the tutorial

Run it and choose option 1;
it will generate a report.
Please copy and paste it into your post.
0
Amy
 
SmitFraudFix v2.352

Rapport fait à 13:23:12,85, 17/09/2008
Executé à partir de C:\Documents and Settings\Nadra\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Nadra\Bureau\Nadra\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\
0
Anonymous user
 
The report is not complete
0
Amy
 
Sorry, I'm hopeless lol
My PC is slooow
.

SmitFraudFix v2.352

Rapport fait à 13:39:35,70, 17/09/2008
Executé à partir de C:\Documents and Settings\Nadra\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Nadra\Bureau\Nadra\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nadra

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nadra\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Nadra\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 89.2.0.1
DNS Server Search Order: 89.2.0.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A6537E26-7D69-405B-B8BA-AE9D4036E363}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A6537E26-7D69-405B-B8BA-AE9D4036E363}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A6537E26-7D69-405B-B8BA-AE9D4036E363}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Anonymous user
 
OK, let's move on to something else.

1) Download and install Malwarebytes' Anti-Malware:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

At the end of the installation, make sure the option "Update Malwarebytes' Anti-Malware" is checked. >>> click OK
Launch Malwarebytes' Anti-Malware by double-clicking the icon on your Desktop.

On first launch, a window tells you that the version is Free >>> click OK

Let the updates download
*** Close the program ***

2) Restart in "Safe Mode"

When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows advanced options menu is displayed.
Select "Safe Mode" and press [Enter]
You will need to choose your usual session, not the "Administrator" account or another one.
Look here if needed: https://www.malekal.com/demarrer-windows-mode-sans-echec/

Open the text file saved on the Desktop so you can follow the instructions properly.

3) Scan with Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware
"Scan" tab >>> check Perform a full scan >>> Scan, select your hard drives, then click Start scan
At the end of the scan >>> click Show results, then Save the report
Removal of detected items >>>>
delete what it found; also empty the items in quarantine
If you are asked to restart >>> click "Yes"

--> A scan report opens; save it to your Desktop and post this report in reply.

When you ask for a scan, ask for it in safe mode.

Why in safe mode:

*Because the scan already searches more files in safe mode than in normal mode.
*And also, in normal mode the viruses (trojans, Trojan horses, worms, spyware, malware and others...) are active and so do not get deleted, so it has to be done in safe mode.
1) Print these instructions, because you will need to close all windows and applications during the installation and the scan.

0
Amy
 
There, it's done, it took a long time...

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1163
Windows 5.1.2600 Service Pack 2

17/09/2008 16:27:24
mbam-log-2008-09-17 (16-27-23).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 112400
Temps écoulé: 2 hour(s), 18 minute(s), 50 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 165
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiVirus Pro 2006\AWBase (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiVirus Pro 2006\AWBase\database (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiVirus Pro 2006\Download (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiVirus Pro 2006\PGBase (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiVirus Pro 2006\UpdateData (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nadra\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maya\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maya\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\WinAntiVirus Pro 2006\avkernel.dll (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiVirus Pro 2006\AWBase\database\enemies.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiVirus Pro 2006\PGBase\vbpv.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiVirus Pro 2006\UpdateData\upd2008092006.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
0
Anonymous user
 
OK, it did a good job. Please post a new HijackThis log.
0
Amy
 
My PC is still slow...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:38, on 17/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Nadra\Bureau\Nadra\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Nadra\Mes documents\Mes images\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Documents and Settings\Nadra\Bureau\Nadra\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0
Anonymous user
 
Slow in what way?
0
Amy
 
Slow, I couldn't put a degree on the slowness, but you, on the other hand, are veeery fast!!

So how is it coming along, how does it look? Is there still an infection?
0
Anonymous user
 
Wait, I'm thinking it over and I'll tell you.
0
Amy
 
Thanks, so I'll wait...
0